020101-contact-crm

Pass

Audited by Gen Agent Trust Hub on Jul 8, 2026

Risk Level: SAFECOMMAND_EXECUTIONEXTERNAL_DOWNLOADSPROMPT_INJECTION
Full Analysis
  • [COMMAND_EXECUTION]: The scripts scripts/export.py and scripts/validate.py utilize the subprocess module to execute pip install commands. This allows the skill to modify the execution environment by installing software.
  • [EXTERNAL_DOWNLOADS]: The skill is configured to automatically fetch and install dependencies from the Python Package Index (PyPI) if they are missing at runtime.
  • [PROMPT_INJECTION]: The skill possesses a surface for indirect prompt injection by reading and processing data from external CSV files (contacts.csv, organizations.csv, products.csv). If these files contain malicious instructions, they could influence agent behavior during data processing tasks.
  • Ingestion points: Data is loaded from CSV files in scripts/contacts.py, scripts/organizations.py, scripts/products.py, and scripts/validate.py.
  • Boundary markers: No specific delimiters or instructions are provided to the agent to treat CSV content as untrusted data.
  • Capability inventory: The skill can perform file writes, shell command execution (via subprocess), and complex data processing.
  • Sanitization: While the scripts perform basic string normalization and validation for functional purposes, there is no sanitization to prevent the interpretation of data as instructions.
Audit Metadata
Risk Level
SAFE
Analyzed
Jul 8, 2026, 12:19 PM
Security Audit — agent-trust-hub — 020101-contact-crm